p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

security: Remove rtnl_lock() in selinux_xfrm_notify_policyload() 

rt_genid_bump_all() consists of ipv4 and ipv6 part.
ipv4 part is incrementing of net::ipv4::rt_genid,
and I see many places, where it's read without rtnl_lock().

ipv6 part calls __fib6_clean_all(), and it's also
called without rtnl_lock() in other places.

So, rtnl_lock() here was used to iterate net_namespace_list only,
and we can remove it.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Kirill Tkhai 2018-03-29 19:20:56 +03:00 committed by David S. Miller
parent 10256debb9
commit 350311aab4
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/selinux/include/xfrm.h
View File

@ -47,12 +47,10 @@ static inline void selinux_xfrm_notify_policyload(void)
{
struct net *net;
rtnl_lock();
down_read(&net_rwsem);
for_each_net(net)
rt_genid_bump_all(net);
up_read(&net_rwsem);
rtnl_unlock();
}
#else
static inline int selinux_xfrm_enabled(void)